back to article Starbucks site slurped, Z-Wave locks clocked, mad Mac Monero mining malware and much more

While this week was dominated by news of a new Spectre variant, the VPNFilter botnet, and TalkTalk's badbad routersrouters, plenty of other stories popped up. Here are a handful of security happenings that you may have missed. Wireless Z-Wave smart-locks, home IoT devices menaced Wireless gadgets, such as home smart locks, …

  1. Destroy All Monsters Silver badge

    Implied cat stroking and ominous button pushing

    "As Xenotime matures, it is less likely that the group will make this mistake in the future."

    Somebody is having a bad time about now.

  2. Waseem Alkurdi Silver badge

    This is familiar enough

    'We kindly request that you follow this link HERE and sign in with your email to view this information from (name of accounting association) to all active members. This announcement has been updated for your kind information through our secure information sharing portal which is linked to your email server'."

    Beancounters you say? Is it the BOFH who sent this?

  3. Mark 85 Silver badge

    According to the group's release, the unnamed man had used a set of Android malware packages to lift the bank account credentials of people in Russia and send them to a command server

    I guess no one told him that hacking his countrymen was a no-no but hacking the rest of the world was ok.

    1. macjules Silver badge

      More likely, "he failed to pay a share of the proceeds of his crime over to President V Putin"

      1. Destroy All Monsters Silver badge
        Holmes

        Apparently P.U.T.I.N. itself just bent to the wishes of a British Judge and had RT remove the story about Tommy Robinson getting sent to jail (where there is a bounty on his head) because its is illegal to report about that in the UK.

        So be grateful.

        1. Anonymous Coward
          Big Brother

          RT removed story about Tommy Robinson

          "Apparently P.U.T.I.N. itself just bent to the wishes of a British Judge and had RT remove the story about Tommy Robinson getting sent to jail"

          "Tommy Robinson arrested for ‘breach of the peace’ after chasing down accused child abusers"

    2. Voland's right hand Silver badge

      I guess no one told him that hacking his countrymen was a no-no but hacking the rest of the world was ok.

      Spot on. And it will continue to be as long as the reverse is true.

  4. bishbut13

    Isn't it time someone stood on the rooftop and shouted out NO TECHNOLOGY IS SAFE as is shown nearly ever day not only by the Register but all over the world

    1. Charles 9 Silver badge

      I would just LOVE to see some example of the softest, cuddliest technology you can think off turned to kill...

      What's it going to be? Getting stuffed with cotton balls and left to choke? Poisoned Jell-O?

  5. DropBear Silver badge

    Well now

    A thing to note about the whole Z-wave security issue (quite well emphasized in the original source, strikingly less so in the article) is that a huge portion of the quoted <whatever large number> z-wave devices worldwide have not the faintest clue that secure z-wave even exists, full stop. And yes, that includes a fair number of the ones being sold right now. And some of those that do have to be specifically instructed in a special way to use any security at the time you add them to your network, by using a different procedure than what you'd normally use for a no security join (you did read the leaflet all the way to the end, right?).

    More to the point, there are currently more unicorns in the world than S2-capable devices - specifically, a search of the central registry of z-wave compliant products is right now yielding a grand total of 6 (six) controllers that support it (also pointed out in the original source) - whatever you have now or see in any store you can think of is going include none of them.

    Finally, the "downgrade option" is not so much a bug-type vulnerability but rather just intended interoperability - in the sense that a device that reports gets jammed and spoofed to "report" no support for the S2 mode is accepted to join in a less secure mode; yes, this may not be desirable but the alternative is "this controller only works with S2-capable devices (all fifty or so of them) and DOES NOT with anything S0 or less - boy I sure do hope you know what all those terms are" which is utterly anathema to the "most z-wave stuff typically just works with any other z-wave stuff, of any generation" foundational z-wave principle. I don't see anything like that selling all that well...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020